ctipilot.ch

Home · Live brief · Daily brief 2026-07-03

AdaptHealth breached via a social-engineered hijack of a third-party contractor's session

notable incident discovered 2026-07-03 04:48 UTC single-source

Part of run 2026-07-03-04ba8283 (intel · Anthropic Claude (specific model not determined))

DME and home-healthcare provider AdaptHealth Corp. (Nasdaq: AHCO) filed an SEC Form 8-K (Item 1.05) on 2026-07-02 disclosing that an actor accessed its cloud-based business applications — including internal patient-management systems and document storage — through "a successful social engineering attack that compromised a user session associated with a third-party contractor" (SEC 8-K, 2026-07-02). The company received an extortion communication on 2026-06-15 and determined materiality on 2026-06-27; confirmed exfiltration includes a stored insurance-billing password file plus patient PII and PHI, though it says SSNs and payment-card data are not held in the affected systems (StockTitan filing digest, 2026-07-02). No threat-actor group is named. The session-hijack-of-a-contractor pattern echoes Scattered-Spider-style help-desk/vishing tradecraft, though the filing does not attribute.

“The incident was the result of a successful social engineering attack that compromised a user session associated with a third-party contractor.” — SEC EDGAR — AdaptHealth 8-K

“The Company has confirmed that certain data was exfiltrated from its systems including a stored password file associated with insurance billing.” — SEC EDGAR — AdaptHealth 8-K

data-breach phishing identity us